QwikSec

Security Database

CVE

CWE

Training

CVE-2005-2898

Published: Sep 14, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328

x_refsource_MISC

filezilla-password-weak-encryption(22135)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

20050902 FileZilla weakly-encrypted password vulnerability: advisory + PoC

mailing-list

x_refsource_BUGTRAQ

20050904 Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.